<?php
	if ( !defined('IN_SITE') ){
		die('');
	}
	
	$base_url = 'index.php';

function check_login(){
	global $template, $site_option, $db;

	$cookie_logid		= $site_option['cookie_login_id'];
	$login_expiretime	= $site_option['login_expiretime'];

//	$login_id 	= isset($_COOKIE[$cookie_logid]) ? htmlspecialchars($_COOKIE[$cookie_logid]) : '';
	$login_id	= isset($_SESSION[$cookie_logid]) ? htmlspecialchars($_SESSION[$cookie_logid]) : '';

	if (!empty($login_id)){
		$login_time = time() - $login_expiretime;
		$sql = "SELECT user_id FROM admin_users WHERE user_login_id='" . $login_id . "' AND user_login_time>=$login_time";
		if ( !$result = $db->sql_query($sql) ){
			message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
		}
		if ($db->sql_numrows($result)){
			return true;
		}
	}
	redirect("index.php");
	return false;
}
function get_user_info(){
	global $db, $site_option, $base_url;

	$cookie_logid	= $site_option['cookie_login_id'];
//	$login_id		= isset($_COOKIE[$cookie_logid]) ? htmlspecialchars($_COOKIE[$cookie_logid]) : '';
	$login_id		= isset($_SESSION[$cookie_logid]) ? htmlspecialchars($_SESSION[$cookie_logid]) : '';

	if (!empty($login_id)){
		$sql = "SELECT * FROM admin_users WHERE user_login_id='".$login_id."'";				
		
		if ( !$result = $db->sql_query($sql) ) {
			message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
		}
		$user_count = $db->sql_numrows($result);
		$user_info  = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);	
		return $user_info;			
	}

	redirect($base_url);
	return 0;
}
function check_any_auth($function_url){
	global $db, $access_user;

	$user_info = get_user_info();
	if ($user_info['user_level'] == SYSTEM_ADMIN) return -1;//Admin

	$sql = 'SELECT AAA.* FROM admin_auth_access AS AAA, admin_functions AS AF WHERE AF.function_id=AAA.function_id AND AF.function_url="'. $function_url .'" AND AAA.user_id='. $user_info['user_id'];
	if ( !$result = $db->sql_query($sql) ) {
		message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
	}
	
	$function_count = $db->sql_numrows($result);
	$function_info  = $db->sql_fetchrow($result);	
	$db->sql_freeresult($result);

	if ($function_count){
		$auth_level = $function_info['auth_level'];
		if (isset($access_user[$auth_level])){
			reset($access_user[$auth_level]);
			while (list(, $access) = each($access_user[$auth_level])){
				if ($access == 'yes') return $auth_level;
			}
		}
	}
	die("You don't have permission to access this function");
	return 0;	
}
function check_specify_auth($auth_level, $act, $pause=1){
	global $access_user;
	if ($auth_level==-1){ //Admin
		return true;
	}
	if ( isset($access_user[$auth_level][$act]) && ($access_user[$auth_level][$act] == "yes") ){
		return true;
	}
	if ($pause){
		die("You don't have permission to access this function. <a href='javascript:history.back(-1);'>Back</a>");
	}
	return false;
}
function check_file_type($filename){
	global $upload_type;

	//Get file type
	$start = strrpos($filename,".");
	if ($start == strlen($filename)) return false;

	$user_type = strtolower(substr($filename, $start+1));

	$allow_type = explode(',', $upload_type);
	reset ($allow_type);
	while (list(, $val)=each($allow_type)){
	       if ($val == $user_type) return true;
	}

	return false;
}
function getYearExpried($strTime='',$intTime=1){
// return date is expired
	$epriTime='';
	$strTime=strtotime($strTime);	
	$epriTime=date('Y-m-d',strtotime("+$intTime year",$strTime));
	return $epriTime;	
}
//----------------------------------------------------------------------------------------------
function getCustCat($lang='vn',$id=0){
	global $db,$template;
		$sql="select * from vb_ypcategory where cat_active=1 and cat_Level=1";				 
	  	//tri: $sql.=$lang=='vn' ? ' order by cat_Name_vn' : ' order by cat_Name';
		switch($lang){
			case "cn" :
				$sql .=  ' order by cat_Name_cn' ;
				break ;
			case "en" :
				$sql .=  ' order by cat_Name' ;
				break ;
			default :
				$sql .=  ' order by cat_Name_vn' ;
		}
	if($id){
	   $sql.=" and catID=".$id;   
		
		 if(!$result=$db->sql_query($sql)){
			message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
		 }
		 $sql_data = $db->sql_fetchrow($result);
		 
		switch($lang){
			case "cn" :
				$btype =  $sql_data["cat_Name_cn"] ;
				break ;
			case "en" :
				$btype =  $sql_data["cat_Name"] ;
				break ;
			default :
				$btype =  $sql_data["cat_Name_vn"] ;
		}
		
		return $btype;
	  }
  
	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
	}
	$cat_count=$db->sql_numrows($result);
	$cat_data=$db->sql_fetchrowset($result);
	
	for($i=0;$i<$cat_count;$i++){
	 //tri: $btype= $lang=='vn'  ?$cat_data[$i]["cat_Name_vn"]	 :$cat_data[$i]["cat_Name"]	;
	 	switch($lang){
			case "cn" :
				$btype =  $cat_data[$i]["cat_Name_cn"] ;
				break ;
			case "en" :
				$btype =  $cat_data[$i]["cat_Name"] ;
				break ;
			default :
				$btype =  $cat_data[$i]["cat_Name_vn"] ;
		}
		$template->assign_block_vars("catrow", array(			
			'catValue'		=> $cat_data[$i]["catID"],	
			'catCaption'   	=>  $btype  	
		));
	}
  unset($cat_data);
} 
function getCusBussType($lang='vn',$busID=0){
	 //tri:
	 global $template, $db;	
	  $sql="select * from vb_businesstype"; 
	 
	  if($busID){
		 $sql.=" where id=".$busID;      
		 if(!$result=$db->sql_query($sql)){
			message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
		 }
		 $sql_data = $db->sql_fetchrow($result);
	
		//tri: xu ly ngon ngu
			switch($lang){
				case "cn" :
					$btype =  $sql_data["c_name_cn"] ;
					break ;
				case "en" :
					$btype =  $sql_data["c_name"] ;
					break ;
				default :
					$btype =  $sql_data["c_name_vn"] ;
			}
		
		 return $btype ;
	  }
		switch($lang){
			case "cn" :
				$sql .=  ' order by c_name_cn' ;
				break ;
			case "en" :
				$sql .=  ' order by c_name' ;
				break ;
			default :
				$sql .=  ' order by c_name_vn' ;
		}
	 
	  if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
	  }
	  
	  $dep_count=$db->sql_numrows($result);
	  $dep_data=$db->sql_fetchrowset($result);	
	  $db->sql_freeresult($result);
	  
	  for($i=0;$i<$dep_count;$i++){
	  	//tri:$btype= $lang=='vn'  ? $dep_data[$i]["c_name_vn"] : $dep_data[$i]["c_name"]	;	 
			switch($lang){
				case "cn" :
					$btype =  $dep_data[$i]["c_name_cn"]  ;
					break ;
				case "en" :
					$btype =  $dep_data[$i]["c_name"] ;
					break ;
				default :
					$btype =   $dep_data[$i]["c_name_vn"] ;
			}
		  
		$template->assign_block_vars("busType",array(
			 "bvalue"     => $dep_data[$i]["id"],
			 "bcaption"  =>  $btype
		)) ;
	  }
	  unset($dep_data);
	  return true;

}
function getCustJobTitle($lang='vn',$jobID=0){
 global $template, $db;	
 
  $sql="select * from vb_jobtitle";
  //tri:$sql.= $lang=='vn' ? ' order by c_name_vn' : ' order by c_name';
  		switch($lang){
			case "cn" :
				$sql .=  ' order by c_name_cn' ;
				break ;
			case "en" :
				$sql .=  ' order by c_name' ;
				break ;
			default :
				$sql .=  ' order by c_name_vn' ;
		}
  if($jobID){
   $sql.=" where id=".$jobID;
     if(!$result=$db->sql_query($sql)){
  		message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
 	 }
	 $sql_data = $db->sql_fetchrow($result);
	   //tri: $btype= $lang=='vn'  ? $sql_data["c_name_vn1"] : $sql_data["c_name1"];
	   		switch($lang){
				case "cn" :
					$btype =  $sql_data["c_name_cn"] ;
					break ;
				case "en" :
					$btype =  $sql_data["c_name"] ;
					break ;
				default :
					$btype =  $sql_data["c_name_vn"] ;
			}
	 return  $btype;
  }
  
  if(!$result=$db->sql_query($sql)){
  	message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
  }
 
  $dep_count=$db->sql_numrows($result);
  $dep_data=$db->sql_fetchrowset($result);	
  $db->sql_freeresult($result);
  
  for($i=0;$i<$dep_count;$i++){
    //tri: $btype= $lang=='vn'  ? $dep_data[$i]["c_name_vn"] : $dep_data[$i]["c_name"];
			switch($lang){
				case "cn" :
					$btype =  $dep_data[$i]["c_name_cn"]  ;
					break ;
				case "en" :
					$btype =  $dep_data[$i]["c_name"] ;
					break ;
				default :
					$btype =   $dep_data[$i]["c_name_vn"] ;
			}
			
   	$template->assign_block_vars("jobType",array(
	 "bvalue"     => $dep_data[$i]["id"],
	 "bcaption"  =>$btype
	)) ;
  }
  unset($dep_data);
  return true;
 
}
function showCustCategory($lang='vn',$cat=''){
	global $template, $db;	
	
	$arr1=explode(",",$cat);
	$c1=sizeof($arr1)-1;
	
	for($i=0;$i<$c1;$i++){
		if(!empty($arr1[$i])){ 
			$where=ereg_replace("-",",",$arr1[$i]);
			$sql="select cat_Name,cat_Name_vn,cat_Name_cn from vb_ypcategory where catID in (".$where.") order by catID";  
			
			if(!$result=$db->sql_query($sql)){
				message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
			}
			$cat_count=$db->sql_numrows($result);
			$cat_data=$db->sql_fetchrowset($result);	 
			for($j=0;$j<$cat_count;$j++){	
				//tri: $cname= $lang=='vn'  ? $cat_data[$j]["cat_Name_vn"] : $cat_data[$j]["cat_Name"];
				switch($lang){
					case "cn" :
						$cname = $cat_data[$j]["cat_Name_cn"]  ;
						break ;
					case "en" :
						$cname = $cat_data[$j]["cat_Name"] ;
						break ;
					default :
						$cname = $cat_data[$j]["cat_Name_vn"] ;
				}
				$catCap = isset($catCap) ? $catCap.">>".$cname : $cname;
				$cname  = '';
			}
			$template->assign_block_vars("catrows",array(
				"catValue"    => $arr1[$i],
				"catCaption"  => $catCap
			)) ;
		}	
	unset($catCap);
	}
	return true;
}
function showCustTrade($cat='',$memid=0){
	global $template, $db;	
	
	$where='';
	if(empty($cat)){
		return;
	}
	$arr1 = explode(",",$cat);
	$c1	  = sizeof($arr1)-1;
	
	for($i=0;$i<$c1;$i++){
		if(!empty($arr1[$i])){
			$where .= !empty($where) ? ','.$arr1[$i] : $arr1[$i];
		}
	}
	
	$sql="select vt.* from vb_trade vt inner join vb_tradeno vtn on vt.trade_id=vtn.trade_id
	where id in (".$where.") and vtn.memID=$memid order by trade_no";
	 
	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
	}
	$cat_count=$db->sql_numrows($result);
	$cat_data=$db->sql_fetchrowset($result);
		 
	for($j=0;$j<$cat_count;$j++){	
		$template->assign_block_vars("traderow",array(
			"catValue"     => $cat_data[$j]['id'],
			"catCaption"  =>  $cat_data[$j]['c_name'],
		)) ;
	}
	return true;
}
?>